16 matches found

RedhatCVE
added 2026/01/09 11:35 a.m. | 7 views

CVE-2021-41878

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

CVSS 6.1 | AI score 5.8 | EPSS 0.15012
Exploits: 4 | References: 1

RedhatCVE
added 2025/02/05 11:36 p.m. | 7 views

CVE-2022-41878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

CVSS 9.8 | AI score 6.5 | EPSS 0.00542
Exploits: 0 | References: 1

Circl
added 2024/08/23 7:38 p.m. | 1 views

CVE-2024-41878

| creationtimestamp | type | source |
|---|---|---|
| 2024-08-23 19:38:42+00:00 | seen | https://t.me/cvedetector/4019... |

CVSS 5.4 | AI score 4.8 | EPSS 0.01786
Exploits: 0 | References: 1

Vulnrichment
added 2023/09/26 10:53 p.m. | 13 views

CVE-2023-41878 Weak password of selenium VNC in MeterSphere

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high...

CVSS 4.6 | AI score 6.9 | EPSS 0.00139
Exploits: 0 | References: 2

OSV
added 2023/09/26 10:53 p.m. | 94 views

CVE-2023-41878 Weak password of selenium VNC in MeterSphere

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high...

CVSS 4.6 | AI score 9.1 | EPSS 0.00139
Exploits: 0 | References: 4

Hacker One
added 2023/01/08 6:35 a.m. | 52 views

U.S. Dept Of Defense: XSS on ( █████████.gov ) Via URL path

An XSS vulnerability was discovered on a government website, allowing an attacker to execute malicious code on the victim's browser and steal their cookies, potentially leading to account takeover. The vulnerability was exploited by injecting a script into the URL path. The suggested mitigation i...

CVSS 6.1 | AI score 6.1 | EPSS 0.15012
Exploits: 4

Vulnrichment
added 2022/11/10 12:0 a.m. | 4 views

CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

CVSS 7.2 | AI score 9.2 | EPSS 0.00542
Exploits: 0 | References: 1

CVE
added 2022/11/10 12:0 a.m. | 82 views

CVE-2022-41878

Parse Server contains a prototype pollution vulnerability (CVE-2022-41878) where keywords defined in the requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers, allowing them to be saved to the database and bypass the denylist. Affected versions are prior to 4.10.19 or 5.3.2; ...

CVSS 9.8 | AI score 8 | EPSS 0.00542
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2022/11/09 8:47 p.m. | 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-41878 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-41878 Source advisory: OSV:GHSA-XPRV-WVH7-QQQX...

CVSS 9.8 | AI score 7.1 | EPSS 0.00542
Exploits: 0

IBM Security Bulletins
added 2022/09/27 7:11 p.m. | 31 views

Security Bulletin: IBM TRIRIGA Application Platform discloses possible path command execution (CVE-2021-41878)

Summary Tririga discloses possible path command execution Vulnerability Details IBM X-Force ID: 89068 DESCRIPTION: Multiple Android Superuser packages contain an unspecified vulnerability related to a search path which could allow a local attacker to execute arbitrary commands on the system with...

AI score 0.8 | EPSS 0.15012
Exploits: 4 | Affected Software: 1

Packet Storm
added 2021/10/15 12:0 a.m. | 598 views

i-Panel Administration System 2.0 Cross Site Scripting

Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...

CVSS 4.3 | AI score 0.1 | EPSS 0.15012
Exploits: 4

Exploit DB
added 2021/10/15 12:0 a.m. | 570 views

i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)

Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...

CVSS 6.1 | AI score 6.3 | EPSS 0.15012
Exploits: 4

0day.today
added 2021/10/13 12:0 a.m. | 135 views

i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability

Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference: https://cybergroot.com/cvesubmission/2021-1/XSSi-Panel2.0.html ...

CVSS 6.1 | AI score 0.4 | EPSS 0.15012
Exploits: 4

Circl
added 2021/10/04 4:23 p.m. | 1 views

CVE-2021-41878

| creationtimestamp | type | source |
|---|---|---|
| 2021-10-04 16:23:16+00:00 | seen | https://t.me/cibsecurity/29860... |

CVSS 6.1 | AI score 6 | EPSS 0.15012
Exploits: 4 | References: 1

NVD
added 2021/10/04 12:15 p.m. | 12 views

CVE-2021-41878

A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

CVSS 6.1 | EPSS 0.15012
Exploits: 4 | References: 3

CVE
added 2021/10/04 11:58 a.m. | 135 views

CVE-2021-41878

CVE-2021-41878 affects i-Panel Administration System 2.0. A reflected cross-site scripting (XSS) flaw allows remote attackers to execute arbitrary JavaScript in the browser-based web console. PoCs show crafted URLs (e.g., /lostpassword.php/…) injecting script; multiple public writeups and exploit...

CVSS 6.1 | AI score 5.8 | EPSS 0.15012
Exploits: 4 | References: 3 | Affected Software: 1